Who Are the Five, Nine, and Fourteen Eyes, and What Do They Do?

VPN enthusiasts have probably come across the Five, Nine, and Fourteen Eyes before, but otherwise, outside of the James Bond movie SPECTRE, the terms haven’t gotten a lot of press. The film is fairly accurate, though – it refers to sets of international intelligence alliances, composed of agreements that govern data collection (spying) and sharing between governments. Don’t worry if you haven’t heard of it – Charlie Chaplin, John Lennon, and Nelson Mandela probably didn’t know about it either, even though information about them was shared between the Eyes.

Five Eyes

The Five Eyes is composed of Australia, Canada, New Zealand, The United Kingdom, and The United States. It formally began in 1946 with the UK and USA and extended to the other nations in 1948. Since then it has only grown in scope and scale, and now its members automatically share large amounts of intelligence data with each other, from phone records to spy satellite data.

Historically, this alliance has been extremely secretive, though periodic leaks managed to keep suspicion of its existence alive for quite a while. Even the office of the prime minister of Australia, one of the original signatories to the agreement, wasn’t aware of it until 1973. Eventually, the agreement was confirmed in 2005 with the full text of the original UKUSA agreement released in 2010, though its full scope wasn’t discovered until the Snowden leaks in 2013.

So what do they actually do? We probably don’t know everything, but they have some very sophisticated technology for both targeted and dragnet surveillance – “dragnet” meaning “scooping up data indiscriminately for later analysis.”

They’ve generally been focused on SIGINT, or signals intelligence, so if there’s a way for you to electronically communicate with someone, an intelligence agency may be listening. The Five Eyes agreement means that each member nation has access to the other nation’s databases and technologies, mostly through a centralized, automatically-updated database system nicknamed “Stone Ghost” that enables access by each nation to the other four nations’ intelligence.

Most of these countries prohibit their governments from spying on their own citizens without going through legal channels, but the Five Eyes agreement enables an interesting loophole: other countries can spy on your citizens for you, then share that information. While there isn’t much data on how often this happens, there have been confirmed instances, including the instances with New Zealand’s prime minister, John Key, in 2015 and Princess Diana in the 1990s.

The Nine and Fourteen Eyes

While the Five Eyes are the most tight-knit group, with their automatic data-sharing agreements, the Nine and the Fourteen are close behind. Little is known about exactly what separates them in practical terms, but presumably, the channels for intelligence-sharing are a little narrower – maybe no direct access to Stone Ghost, for example.

The Nine Eyes include the Five Eyes, as well as Denmark, France, the Netherlands, and Norway. We don’t know much more about them than that – there isn’t much in the way of official documentation. In lieu of more satisfying evidence, we may as well just assume that the Nine Eyes featured in the James Bond film SPECTRE are an accurate representation of the real Nine Eyes.

The Fourteen Eyes

The Fourteen Eyes are the Nine Eyes, plus Germany, Belgium, Italy, Spain, and Sweden, and are in a separate group due to their membership in the SSEUR, or SIGINT (Signals Intelligence) Seniors Europe, an intelligence alliance that primarily operates in Europe. Like the Nine Eyes, we don’t know exactly how their access level differs, but Germany, Sweden, and Japan were apparently allowed to use XKeyScore, the “one-stop shop for access to the NSA’s information,” according to Edward Snowden. If a Fourteen Eyes country has access to that, odds are they’re privy to a lot of information.

Non-Eyes agreements

Though they don’t share the “Eyes” designation, there are plenty more categories for countries that share information with each other. SIGINT Seniors Pacific (SSPAC) also includes India, Singapore, South Korea, and Thailand. They can be roughly compared to the extra countries in the Fourteen Eyes since they’re simply another branch of SIGINT Seniors.

Last but not least in the world of large-scale intelligence alliances is the US’s collection of third-party SIGINT partners, which includes thirty-three countries scattered across Africa, Asia, and Europe. Previous to the release of the top-secret documents detailing these countries, many of their higher government officials, possibly even leaders, may have been unaware that they were part of the arrangement, as the agreements were typically established directly with intelligence agencies and were “rarely disrupted by foreign [political] perturbations.”

What do they get up to, and how does it affect people?

The Eyes and other intelligence partners have enough surveillance operations running to fill some very thick books. In general, though, their technology can be generally described as invasive monitoring tools capable of collecting the vast majority of information that is sent over any sort of line/signal or stored on any Internet-connected device. Beyond that, the sharing agreements also include non-communication intelligence, like defense, human, and geospatial intelligence.

The Eyes and other partnerships allow the involved nations to have access to far more detailed information than they could collect on their own. These tools and sharing programs have been used successfully against terrorism several times, which is why they continue to enjoy some support, but regular citizens’ data is routinely swept up, stored, analyzed, and shared under the program, which many argue is quite an invasion of privacy.

Now that they are out in the open, though, the Eyes may actually be able to get a bit more done than they could when they were in the shadows. In September 2018 they made the news for a joint memo that the Five Eyes nations issued saying they were looking at getting into the business of breaking encryption, either by their own joint research or by legislative methods, such as forcing companies to provide access to their encrypted products or build in backdoors. That’s clearly not great for privacy and could be a big problem for cybersecurity, too.

In general, unless you’re a criminal, political activist, privacy advocate, or conspiracy theorist, this doesn’t directly affect your life much. In the future, though, these alliances could affect some big public policy and tech issues.

So, time for a VPN?

If you’re looking to get a VPN, it’s often advised that you get one located outside of the Eyes, though to be extra-safe, you’ll want to avoid the third-party countries and SSPAC as well. If your VPN is based outside of those, it stands a better-than-average chance of being private, but there’s still no guarantee, given the spiderwebs of intelligence-sharing agreements that haven’t had their existence leaked yet.

A multi-hop VPN, which bounces your signal through several different countries, is a good way to make sure nobody can get back to you, but it’s slower and more expensive. Tor is always a good choice as well, but if you really care, you should be using this with a VPN as well, given that traffic between the Tor exit node and the destination server is not encrypted, and some of the nodes are actually run and monitored by intelligence agencies.

Unknown Unknowns

The conspiracy theorists who claimed that there was a worldwide surveillance network probably had a field day when it turned out that there was actually not just one, but several. But for every one we know about, there are probably many more that remain a safely-guarded secret. Since the leaks, new agencies and agreements have likely been established, and new tools have likely been developed using the advances in artificial intelligence and blockchain that we have seen over the last few years. For now, though, being informed about what we do know is still a good habit, as some policies can have real-world implications.

2 comments

“If your VPN is based outside of those, it stands a better-than-average chance of being private” How trustworthy are the VPNs located in countries that you did not mention? Since very little is know about the extent of the surveillance networks, how can we be sure of ANY VPN?

That’s actually how the sentence you quoted ends :D “If your VPN is based outside of those, it stands a better-than-average chance of being private, but there’s still no guarantee, given the spiderwebs of intelligence-sharing agreements that haven’t had their existence leaked yet.”

Everything we know about intelligence agreements comes with a pretty large confidence interval, since it’s very much in those agreements’ interest to remain secret, but since we don’t have anything to go off of except what we DO know, we may as well make guesses based on that until further information is available. If you’re looking for strong data privacy laws and no document US ties, Iceland is a good bet :)